cubicweb #2175158 [security] let's have a context manager a la `traced_selection` to help trace security [open]

Debugging complex security rules can be a real PITA as there are many paths to their execution. Having one special-purpose context manager show for a given scope every read-security (rql rewrite) and rql_expression checks would be a big big help.